Microsoft Patents Sudo's Behavior

Foofoobar writes "Just when you thought all was safe on the crazy patent front, Microsoft has come out of the obvious patent closet to file patent number 7617530, which basically duplicates the functionality of 'sudo' which is found in all Linux systems. PJ over at groklaw has a wonderful writeup on the entire fiasco."

Penalties

[alain94040]

I don't condemn all software patents. Just because it's software doesn't mean that it can't be brilliant and stunningly innovative.

But sudo with a GUI? A quick fix I'd suggest to get rid of those bogus patents is to have a rule that says that if a patent is proven obvious later on, then the company (Microsoft in that case) would lose all their patents for the year. That would make them think twice before filing junk...

---
the Co-FoundersMeetup in Mountain View is next week

Re:Penalties

[sopssa]

It's US patent system's fault, not Microsoft. They have to file these to cover their own ass. And actually I haven't ever seen MS patent trolling, they've even gave their patents to organizations which purpose is to keep them open. Even the TomTom vs. Microsoft case was because TomTom attacked MS first and they had to counter.

Patent system is the one to blame.

Re:Penalties

[Ethanol-fueled]

Patent system is the one to blame.

There are too many sudo-intellectuals running it, that's why.

Re:Penalties

[alexborges]

Patenting sudo is a slight legitimate error?

Damn. I want some of that anti-guilt thing you are taking.

Re:Penalties

[Tim+C]

I don't condemn all software patents.

I do. Copyright protects software, there's no need for patent protection.

Re:Penalties

[neiras]

$ make me a patent
make: *** No rule to make target `me'. Stop.
$ sudo make me a patent
Okay!
$

Re:Penalties

[postbigbang]

No, it was a typo.

They patented *sume*. Long 'e' by the way.

Re:Penalties

[adamdoyle]

copyright doesn't protect against duplicating functionality - only copying the exact binaries/source code. If I want to write my own sudo replica, copyright doesn't stop me... but a patent would.

Re:Penalties

[Toonol]

copyright doesn't protect against duplicating functionality - only copying the exact binaries/source code. If I want to write my own sudo replica, copyright doesn't stop me... but a patent would.

That is one of those statements where both sides shout "EXACTLY", and then stare at each other.

Re:Penalties

[JWW]

If you have a copy of his source code and duplicate product in another language, you'll get your clock cleaned in court. To effectively copy the other guys software, the best defense would be to have no knowledge whatsoever of his code.

Historically everyone in software has been copying everyone else all along. Things were fine before patents became all the rage. Imagine is Apple had patented the GUI in 1984. The windows GUI couldn't have been developed patent free until 1999. It's an absurd idea, no matter how much I currently dislike windows dominance. And, yes, I do realize Apple stole the GUI from Xerox...

Re:Penalties

Do we actually want to prevent duplication of functionality?
Also, isn't patent still supposed to allow duplicated functionality if the implementation is different enough?

Re:Penalties

[Waffle+Iron]

And actually I haven't ever seen MS patent trolling,

Their shakedown of camera vendors and threats to OS implementors over the VFAT patents are a classic case of patent trolling.

The technology covered by the patents no longer has any intrinsic value, because nobody uses OSes that don't support long filenames. The only reason to use the long/short filename conversion in VFAT is purely circular: to ensure compatibility with VFAT itself.

Thus, these patents only remaining purpose in life is to create a barrier to entry in the markets that Microsoft operates in. The technology covered by them is is providing no end-user benefit, and consumers are paying royalties and getting nothing in return other than a less competitive market.

Re:Penalties

[Kerrigann]

That sounds pretty ridiculous... what you would have created would most definitely be a derivative work, which would have copyright protection.

If you clean-room reverse engineered the program down to the last pixel, wouldn't there be a copyright claim to the layout and specific appearance of the program?

If the program looks different, is coded independently, but performs the same algorithms and functions, well that's called *interoperability*. If you don't understand why that's important, then we'll never ever agree.

I'm talking about a specific steering wheel design, you're talking about *the entire idea of a steering wheel*.

Somebody else came up with the idea of html, markup, tying a scripting language to said markup, asynchronous updates on the markup, and everything else we're using to communicate here, and there are probably patents covering most of it. Do you think that only very large companies with very large armies of lawyers should be writing web pages?

I'll give you that there are probably a select few areas where some patentable idea could be expressed in software, but the barrier to entry is so low in software development, that they all would have been implemented anyway. Patents are not a land grab or a right, they were only supposed to be used to increase production and knowledge. They don't, they waste huge amounts of energy, which is why people around here get so frustrated (and make silly arguments).

Of course, I'm not adding anything new and you probably knew all this, so I'll shut up now.

Re:Penalties

[earlymon]

http://xkcd.com/149/

Re:Penalties

[chaboud]

You're use of the word "genious" is brillant.

Re:Penalties

[fritsd]

You're using the argument that without software patents, those "inventions" would not be publically disclosed (after all, that's the trade-off, right?) So why is it that the source code of those "inventions" is not attached to the patent as proof of public disclosure? There's no technical reason whatsoever to not do this.

Re:Penalties

[damburger]

I always thought a sudo-intellectual was someone who thinks they are smart enough to be given the root password...

Re:Penalties

[jocknerd]

Math equations can be brilliant and stunningly innovative yet they can't be patented. Why should software be any different?

Re:Penalties

[PFI_Optix]

After skimming the patent, this sounds more like it's more like prompting for sudo. If this were Linux, it would be something like:

"You need to use sudo to run this program. Would you like to use sudo? y / n"

This is a very specific patent and most certainly wouldn't cover sudo, but rather the automatic detection of the need for it and a very detailed description of the GUI built on it. It's almost like the people writing about the patent didn't bother to read it...

Re:Penalties

[RichardJenkins]

After reading the patent, best I can tell is it's saying:

"Sometimes an application tries to do something whilst running under a non-privileged account. If an application tries this we could use [magic] to interrupt the process and present a dialogue allowing a user to assume permissions of another account which we know has appropriate permissions [by magic]. Alternatively, we could [do magic] to determine if the user can elevate privileges of their own account, and allow them to do so."

I'm not sure if such a system existed when this was filed in 2005 (it certainly does now, except the bits which this patent does by magic are fully fleshed out and publicly viewable in the source), but the only non-obvious part in going from the following scenario:

rj@laptop:/$ passwd root
passwd: You may not view or modify password information for root.
rj@laptop:/$ sudo passwd
[sudo] password for rj:
Enter new UNIX password: ...to what they described is the bit which they've left to magic.

Most tellingly: "the specific features and steps are disclosed as preferred forms of implementing the claimed invention." they're trying to steal the feature of automatic privilege escalation from anyone who wants to build it without going through MS.

Re:Penalties

[HungryHobo]

The problem being you can engineer your way round a patent on a specific innovative break design in a car.
Trying to work around a patent with a flowchart with a note reading "slows car down" is pretty much impossible.

Hence it kills innovation, not encourages it.

Re:Penalties

[daver00]

I presented this argument to someone just the other day, but here it is again: Mathematicians develop insanely difficult and complex algorithms all the time, and must share their work in the public domain because you can't copyright or patent mathematics. Not a formula, I'm talking about full algorithms, logical procedures, proofs and so on. Algorithms which have changed the world by such orders of magnitude that no matter how novel and amazing some little piece of code looks to the programmer, compared to the work of mathematicians it is almost always will come up looking pretty much completely trivial.

Imagine if someone had patented the fast fourier transform? Or any number of a virtually infinite set of unique and groundbreaking algorithms that have literally changed the course of science. Technology and science would be weaker for it, you might not even have a job with a computer in front of you.

Now why is it that sequences of logical steps, algorithms, when developed by mathematicians are anybodies game, and yet when a programmer or a software company comes up with an algorithm, a sequence of logical steps no different to the ones in the field of mathematics, it is suddenly different and needs monopoly rights granted to the author? Do you honestly think that novel method 3.57a to make database requests in a unique way is as important to the world as something like the fft? Or the Kalman filter?

Get over yourselves programmers, your code is not special, logic is logic, patenting a logical procedure is about as wrong as it gets in my books. If you develop code and it is useful, you are going to be the foremost expert in your new system. You will make money without a patent. The problem is this isn't about putting food on the table, this is about geeks who fancy themselves Knuth thinking they ought to be millionaires.

Re:Penalties

[ThatMegathronDude]

I don't think its most coders that want patents. It's the PHBs.

Re:Penalties

[Weaselmancer]

No, Lame. Fraunhofer is patent encumbered.

Re:Penalties

[KnowledgeKeeper]

And, yes, I do realize Apple stole the GUI from Xerox...

Actually, no. Apple traded their stocks for a day with Xerox engineers which had to show them what they've done. And they've done very little compared to things that were in the first Mac GUI. I.e. overlapping windows.

Things like these are documented on Apple's folklore site.

Re:Penalties

[falconwolf]

And, yes, I do realize Apple stole the GUI from Xerox...

On Xerox, Apple, and Progress. Fact is in return for Xerox allowing Steve Jobs and a development team to tour PARC Jobs allowed Xerox to invest in Apple by buying 100,000 shares of stock at $10 a share. Less than a year later that $1 million investment netted Xerox $17.6 million when Apple had it's IPO.

Falcon

Re:Penalties

[IICV]

Further: how quickly we forget the threat of those 235 patents. If that's not patent trolling, what is?

Re:Penalties

[donaldm]

There needs to be *something* which protects software developers from having their products ripped off and all their innovative functionality duplicated. Exactly how that *something* should work is best left to people far more expert in the field than me...but before we scrap software patents, we need to provide developers with an alternative.

There are plenty of somethings that can protect software developers:

1. Copyright
2. Proprietary software. In other words don't publish your code.
3. Licences such as GPL, LGPL, BSD (if you want to give it away), Creative Commons, ... etc

I am sure this can easily be added to without resorting to stupid software patents, which IMHO don't contribute to innovation in developing software. The only people that stand to gain from software patents are the Lawyers and patent Trolls.

Why am I so down on Software Patents? Well try to read one sometime, although be sure to have plenty of headache pills and a couple of belts of the hard stuff also helps. It is almost impossible for a professional person to understand the description let alone the Lawyer who wrote it. :)

Re:Penalties

[donaldm]

I believe there is a place for software patents, but I also think software patents are vastly over-issued. For some reason patent officials seem to think "on a computer" is not obvious and deserves a patent.

I respectively disagree. All software is based on "Numerical Analysis" which is a branch of mathematics which in itself can not or should I say "should not" be patentable.

I also think that if Patents apply to compiled software, copyright should only apply to the source code. If we consider software a "work of art", then it should not be patentable at all.

For source code it would be better under a License that is enforcible. You can take out a copyright on a suite of software which would effectively prevent people calling their functionally equivalent software the same as yours. Actually the best way to make money from software is to provide support and companies like Redhat and Novel are doing quite well even thought they provide the source for most of their products.

All software can be considered not only part of mathematics but also a "work of art" especially if there is any graphical output which could be considered copyright and therefore not patentable. An excellent example are "fonts" which can only be protected under copyright but not under patent, however this still allows someone to bring out a font which is functionally equivalent to the copyright font as long as they call said font a different name unless there is an agreement with the copyright holder.

Re:Penalties

[FireFury03]

1. Copyright
2. Licences such as GPL, LGPL, BSD (if you want to give it away), Creative Commons, ... etc

These things don't protect you from the things patents are _supposed_ to protect you from (namely, someone ripping off your _idea_, rather than your implementation).

1. Proprietary software. In other words don't publish your code.

This one will protect your idea, only if it is a hidden subsystem within your product - e.g. an algorithm which is orders of magnitude faster than existing methods of doing that job would be partly protected when integrated into proprietary software since it wouldn't be visible, but a "whole-product" idea such as Amazon's infamous one-click purchase system isn't protected because it is downright obvious how it could be implemented without needing to look at the code.

Of course, interested parties can still reverse engineer your code anyway.

I am sure this can easily be added to without resorting to stupid software patents, which IMHO don't contribute to innovation in developing software. The only people that stand to gain from software patents are the Lawyers and patent Trolls.

On this we certainly agree. IMHO the whole patent system is broken and rarely does anything beneficial to innovation.

Re:Penalties

You've got it exactly backwards. Patents very specifically do not cover _ideas_. They are absolutely 100% only for implementations.

It doesn't matter _what_ you build, it matters _how_ you build it.

The trouble is, that in the software world, many ideas are simple enough that there's really only one or two sensible implementations.

Re:Penalties

[mcgrew]

Sometimes an application tries to do something whilst running under a non-privileged account. If an application tries this we could use [magic] to interrupt the process and present a dialogue allowing a user to assume permissions of another account which we know has appropriate permissions [by magic]. Alternatively, we could [do magic] to determine if the user can elevate privileges of their own account, and allow them to do so."

But all your cabbages would explode!

Re:Penalties

[Golddess]

It doesn't allow for duplication if the result is the same.

Bullshit.

In an episode of Modern Marvels about Nikola Tesla I believe it was, they'd mentioned how, since Edison had patented his light bulb, he was able to disallow Tesla from using that design at the World's Fair. So Tesla invented his own florescent bulbs. End result is the same (produce light), yet there was no patent infringement on the part of Nikola Tesla.

Re:Penalties

[NotBornYesterday]

Thanks! My day isn't complete until I've pissed off an AC.

Re:Penalties

[Creepy]

Actually, it is a little beyond that, otherwise it would be identical to what Apple has done since MacOS X.0. What this does different is bring up a dialog box WITH USERS that can run the application, and you can select one of those to run the app as instead, if you know the password. In a UNIX-like system this is worthless because you may have hundreds or thousands of users, but most desktop windows systems only have a handful of users at most.

In fact, I don't think Linux (or UNIX for that matter) could even do this if it wanted to, or it'd be very ugly - it would have to check the sticky bit (and other special bits), then user, group, and role for all users to generate that list. Windows uses an ACL (Access Control List). Macs (since Tiger) and some UNIX/UNIX-likes support both UNIX permissions and ACLs which just compounds the mess. ACLs have a bit more flexibility than the UNIX bits - for instance, I could assign multiple groups and users not in those groups access permissions. I also don't have to edit /etc/passwd to do it (a root owned file) if I want to share a file with several users and don't have a container group.

claims

[sopssa]

As usual, you need to look at the claims of the patent. For example these points dont really cover sudo:

1. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.

2. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising: determining multiple accounts capable of permitting a task not permitted by an account of a current user wherein the determining is based on criteria comprising: frequency of use; association with the current user; and indication of sufficient but not unlimited rights; receiving indicators for the multiple accounts capable of permitting the task; presenting a graphical user interface, the graphical user interface having: multiple account regions, each account region identifying one of the multiple accounts capable of permitting the task; an authenticator region capable of receiving an authenticator for one of the multiple accounts capable of permitting the task; receiving, through the graphical user interface, the authenticator for one of the multiple accounts capable of permitting the task; and responsive to receiving the authenticator for one of the accounts capable of permitting the task, packaging, into a computer-readable package, the received authenticator and the account capable of permitting the task associated with the authenticator, the package effective to enable authentication of the account capable of permitting the task.

3. The media of claim 2, where the each account region comprises a name identifying one of the multiple accounts capable of permitting the task.

4. The media of claim 2, where the each account region comprises a graphic identifying one of the multiple accounts capable of permitting the task.

5. The media of claim 2, further comprising permitting the task.

6. The media of claim 2, further comprising authenticating the account capable of permitting the task and, responsive to authenticating the account capable of permitting the task, temporarily elevating rights of the current user to that of the account capable of permitting the task effective to permit the task.

7. The media of claim 2, wherein rights of the account of the current user are limited by controlled-access software.

8. The media of claim 7, wherein the task is prohibited by the controlled-access software prior to authentication of the account capable of permitting the task and wherein the controlled-access software refrains from prohibiting the task in response to authentication of the account capable of permitting the task.

9. One or more computer-readable media having co

Re:claims

[Halo1]

Remember that they all have to apply.

No, they don't. Only one independent claim (i.e., 1, 2 or 9) has to apply (at least it's like that in Europe), or an independent claim along with some dependent claims if you want a stronger case because then the claims become more specific and hence hopefully more distant from the prior are (e.g., 2 and 3, or 2 and 7 and 8).

This isn't exactly sudo.

That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.

Re:claims

[jpmorgan]

Apparently the author at groklaw either doesn't understand patents, or doesn't understand the technology. Look at the very first claim:

One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.

Emphasis mine. Sudo does not do this. Thus, this patent does not cover sudo. Fini.

Re:claims

[Adrian+Lopez]

Oh no, I've gone cross-eyed.

According to patent law, the above example of murder-by-verbiage is supposed to help third-parties implement the invention described, but the language employed is clearly designed to accomplish the exact opposite. I think it's time to put the patent system out of its misery.

Re:claims

[plasmacutter]

cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task

macos x does this

gksudo does this

This patent covers material which has been present in linux and macos X and is part of the evolving function of sudo. Fini.

Re:claims

[jpmorgan]

Except, gksudo doesn't come up in response to a failed security authentication. gksudo comes up because the control panel knows it needs administrator permissions and explicitly calls gksudo. gksudo is not sitting around behind the scenes, watching for authentication failures.

Re:claims

[wytcld]

Where's your analysis of the degree to which this "isn't exactly sudo"? It's pretty damn close. If it comes down to the degree of "exactly," please provide some examples from patent case law that show that the degree of difference here is sufficient for the two programs not to be close enough to the same that sudo, had it been invented after this patent, wouldn't violate said patent.

I'm nothing like a patent attorney. But my understanding is that if someone invents a special right-angle shovel, and patents it, you're going to be in trouble even if your shovel head is only at an 80 degree angle rather than 90 degrees. If not at 80, certainly at 89.

Besides, this patent ends with language claiming that the method of implementation is only the preferred one, while the patent covers other methods of implementation of the same underlying concept. And in which sense is the underlying concept even a few degrees different from what sudo does? Your analysis?

Re:claims

[tomhudson]

Adding a GUI is no more "creative" and "non-obvious" than adding "on the Internet".

Then again, it might be non-obvious to Microsoft. Does anyone remember if Microsoft XENIX had a sudo equivalent? It would be nice to use something from them from a quarter-century ago as prior art.

Re:claims

[TigerNut]

Remember that they all have to apply. This isn't exactly sudo.

Not correct. Of the claims you listed, 1, 2, and 9 are independent claims and can stand alone. A competitive product that incorporated just the elements of, say, claim 9, would violate this patent. A prior art product that included the elements of claim 1 would invalidate claim 1 as an independent claim, but not necessarily the combinations of claim 1 and claim 13 or claim 1 and claim 14. Unless the dependent claims 13 and 14 were subsequently judged to be obvious in light of the earlier product that demonstrated claim 1.

To an aggressive patent prosecutor, "exactly" has nothing to do with it. The approach is "We've got this patent, see? Pay us the money or we'll sue until you're out of business".

Re:claims

[Dachannien]

If it comes down to the degree of "exactly," please provide some examples from patent case law that show that the degree of difference here is sufficient for the two programs not to be close enough to the same that sudo, had it been invented after this patent, wouldn't violate said patent.

That's not the way it works. The examiner has to make a prima facie case of unpatentability in order to reject a claim. If the examiner can't substantiate such a case, the application gets allowed, and the applicant gets a patent.

Only when the examiner makes a prima facie case does the burden shift to the applicant to either successfully traverse the rejection (e.g., by properly indicating a flaw in the rejection, by citing case law applicable to the rejection, by providing evidence of unexpected results/commercial success/various other secondary considerations in the case of an obviousness rejection, etc.) or amend the claims.

Re:claims

[PhilHibbs]

If you try to do something that you aren't allowed to, does sudo automatically pop up and ask you if you want to authenticate to an account that does have the privilidges that you need? That's what this patent is about.

Re:claims

[apoc.famine]

Pretty much. I try to update my system, I get a box saying, "Please type your password here to sudo so I can complete this". Ubuntu has been doing that for years now.

Re:claims

[gparent]

But that's not sudo doing that. Whatever pops up that box ends up using sudo to up your privileges, though.

Re:claims

[the_womble]

kdesu and gksu do most of it, and, as someone pointed out above, Policykit does all of it.

Much more specific than the summary suggests

[Sockatume]

If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.

Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.

Re:Much more specific than the summary suggests

[MBCook]

So, like what OS X had a year or two before Vista?

Re:Much more specific than the summary suggests

[plasmacutter]

If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.

Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.

macos x has been doing this since its inception.

gksudo has been around for a long time as well.

this is NOT new.

Re:Much more specific than the summary suggests

[Sockatume]

Perfectly good examples of prior art that the author of that article skipped in favour of a content-less rant.

Re:Much more specific than the summary suggests

[Qzukk]

Yeah, going to have to agree here. Not only is it specifically an interface brought up after you've tried to do something you're not allowed to (which is what makes it "not sudo"), this interface will give you a list of users who ARE allowed to do it (rather than just the admin account), which is what separates it from all the other implementations of this kind of security that I know of (eg cash registers that stop and require manager intervention or Windows's earlier "You look like you're trying to install a program, would you like to be administrator?" popup).

Re:Much more specific than the summary suggests

[Theaetetus]

macos x has been doing this since its inception.

gksudo has been around for a long time as well.

this is NOT new.

You've said this in at least two different posts, yet failed to indicate what those do that this patent covers. For example, OSX doesn't present an interface with a "selectable help graphic", the selection of which causes display of other accounts that have a right to permit the task, based on frequency of use, association with the user, and an identified higher-rights account that can permit the task. And that's just three of the limitations of claim 1. I doubt gksudo does them either.

Re:Much more specific than the summary suggests

[PitaBred]

Whoop-de-fuck. How exactly is that novel or non-obvious?

Using a *NIX desktop would suck...

[stakovahflow]

without "sudo". My thanks to Micro$oft for inventing that great program! --Stak

Re:Using a *NIX desktop would suck...

[marcansoft]

Meh, I rarely use sudo. I guess I'm just not too used to it. So su me.

Re:Using a *NIX desktop would suck...

[sopssa]

Same here, sudo as it is incredibly inconvenient. When you're performing tasks that require root on Linux, you usually have to type in many commands at once to establish that task.

It's a lot more convenient to just su for root, do the thing and then su back, instead of writing the goddamn sudo all the time.

Re:Using a *NIX desktop would suck...

[marcansoft]

Wait, you su back? You do realize that that leaves your root session in the background and complete accessible, right? The proper way to "unsu" is to just exit the shell (exit, ^D, etc).

This is why software patents shouldn't be allowed

[PinkyDead]

...because I couldn't bothered reading all that shit.

Kill software patents

[rolfwind]

The big industry writes them up just as protection from patent trolls and then collude to keep small competition out (ie Microsoft was threatening that Linux was stepping on its patents back in the day).

Patents were made to spawn innovation - bypassing secretive guilds by incentivizing the opening of knowledge to public domain in exchange for a limited time monopoly. Projects and society are way too fluid now to keep many inane details secret anyway. There needs to be a study of which types of patents coming in provide useful knowledge to the People, and which majority are just wastes dumps of text - and amend the system accordingly.

I would urge the USA to do this now, while it is the leading superpower in which others follow suit. It may have been to our advantage in the past, but not so in the future, imo.

"patent this obvious idea"

Patent Office: "Rejected."

Microsoft: "sudo patent this obvious idea"

Patent Office: "Okay."

With apologies to xkcd.

They didn't get it on their first try...

[BobMcD]

MS: Grant me this patent.

USPTO: No!

MS: Sudo grant me this patent.

USPTO: Okay...

Re: They didn't get it on their first try...

[IorDMUX]

alias sudo='wouldyoukindly'

It seemed necessary...

Re:They didn't get it on their first try...

[MrNemesis]

> sudo make me a sandwich

> I'm sorry Dave, but under USPTO 7617530 I can't allow you to do that

Re:Stop with the alarmist headlines already

[lilo_booter]

Yes, MS has applied for a patent on sudo's behaviour and that is what the title is ridiculing - as should we. Regardless of their success or failure, we're entitled to point and laugh.

Interesting circumlocution

[jfengel]

In an attempt to patent a thing rather than the software itself, they say:

One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:

In other words, it's not the operation itself, or the software, but the actual _disc_ that they're claiming. The medium, not the message, as it were. At least it's a physical thing.

I don't know if "downloaded software" would violate the patent, or if they'd try to claim that having it on the server's discs would violate it. (Surely they wouldn't try to claim that your hard disc on which you've downloaded it would violate the patent, would they?)

Re:Interesting circumlocution

[Theaetetus]

In an attempt to patent a thing rather than the software itself, they say:

One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:

In other words, it's not the operation itself, or the software, but the actual _disc_ that they're claiming. The medium, not the message, as it were. At least it's a physical thing.

Yep... This makes it an "article of manufacture", rather than a "process". The whole Bilski thing up before the Supreme Court only applies to processes; an article of manufacture comprising computer-readable instructions isn't affected, under In Re Beauregard.

I don't know if "downloaded software" would violate the patent, or if they'd try to claim that having it on the server's discs would violate it. (Surely they wouldn't try to claim that your hard disc on which you've downloaded it would violate the patent, would they?)

Oh, yeah, they would. You download the software and save it to your hard drive... you just created a computer-readable media (the hard drive) having computer-readable instructions (the software) that, when executed, cause the computer to perform those acts. You're infringing by making and using the patented invention (you don't need to make all the parts of the invention - you don't need to have a hard drive fabrication lab... You just need to be the one to 'assemble' the invention).

But don't worry, they wouldn't sue you. Instead, they'd go after the people who sold you the software, as it's a component of a patented article of manufacture with no noninfringing uses.

How is any part of that flamebait?

[HangingChad]

Just because it's software doesn't mean that it can't be brilliant and stunningly innovative.

The suggested punishment might be a little extreme, but the idea is sound. We need some kind of penalty for companies filing junk patents for the electronic equivalent of exchanging oxygen for carbon dioxide across a thin, moist membrane.

Seems to be describing what Ubuntu (Gnome) does

[ericthughes]

when you attempt to mount a drive that is not defined in fstab. Ubuntu pops up a "enter your password" dialog. M$ maybe up to some dirty old tricks here...

Re:Stop with the alarmist headlines already

[reebmmm]

Not true. This is an ISSUED patent; see the patent number: 7,617,530. You can also check its status in public pair (http://portal.uspto.gov/external/portal/pair):
10-21-2009 ISSUE.NTF Issue Notification 1
10-01-2009 IFEE Issue Fee Payment (PTO-85B) 1
10-01-2009 LET. Miscellaneous Incoming Letter 1
10-01-2009 WFEE Fee Worksheet (PTO-875) 2
10-01-2009 N417 EFS Acknowledgment Receipt 2
08-24-2009 NOA Notice of Allowance and Fees Due (PTOL-85) 10

I'll draw your attention to the first and last lines in the excerpt from the file wrapper.

That said, the claims DO NOT cover sudo.

It's the other way round actually...

[pandrijeczko]

...with Windows' lax control of permissions allowing just about anybody to run as a super user, surely they should have a patent for "sudon't" which would probably be infinitely more useful?

What does functionality have to do with anything?

[91degrees]

There are thousands of patents for devices that duplicate the functionality of another. Hell, the diesel engine has exactly the same function as a petrol engine, and much of the functionality of a Newcomen engine (pressure difference driving pistons to provide a motive force).

The patent is on the process. Not the end result.

Now the process is pretty much indistinguishable from sudo as well, but if you're going to criticise at least criticise for the right reasons.

This IS already being done in Linux

[gbutler69]

And I'm not just talking about sudo/gksudo etc....look at "Policy Kit". This is EXACTLY what this Patent describes. EPIC FAIL Microsoft! The FREE SOFTWARE WORLD has OUT INNOVATED YOU AGAIN! Been doing this for at least more than a year. Been in design/documentation/talked about for even longer.

Re:This IS already being done in Linux

[dgatwood]

This patent was filed more than four years ago, in April of 2005. This filing predates Red Hat's announcement of PolicyKit by about a year. And PolicyKit probably wouldn't cover this even if it predated the Microsoft concept because it doesn't meet the "automatic" criteria, AFAIK.

And for anyone thinking that this is a patent on sudo, it is not. It also is not a patent on Apple's AuthorizationExecuteWithPrivileges, though it is much closer to that. It differs from the Mac OS X design in that it:

• Executes when the privilege violation occurs without requiring the app to be aware. This is, of course, a really dangerous idea for reasons I'll get into momentarily.
• Displays a list of accounts with the appropriate privilege. This is arguably not that useful on most OSes, but it is important if you have a rights system that is way too complicated....

It further differs from sudo in that it presents a GUI (in addition to the two ways above).

Regarding launching a GUI window when a privilege violation occurs, this is precisely why Windows got the "Allow or Deny" reputation it got. You really don't want to authorize every little action. Further, when it comes to a typical desktop environment, a rights system should not be so complex that there are more than about two classes of users anyway---those who have the rights to modify system files and those who are limited to their own files. Therefore, something like sudo, PolicyKit, AuthorizationExecuteWithPrivileges, etc. is generally a much better design because it puts the application in control of the experience and allows you to run a series of actions with elevated privileges, forcing apps to be designed with proper privilege separation, and reserving elevated privileges for only the minimum portion of the code necessary. The Windows "automatically throw up a GUI when you get a permission denied" design has a significant risk of creating user indifference towards important security notifications, which results in a significantly less secure system in the long run.

Also, I'm under the impression (based on the patent) that Windows is temporarily elevating the privileges of the application itself, which means that you now have a much larger chunk of code that must be checked for security holes, lest malicious individuals co-opt the application for nefarious purposes. Such a design also makes it very hard to adequately use code signing to ensure the authenticity of the code running with elevated privileges, thus allowing security holes in the app to readily be exploited and turned into the equivalent of root holes just by the user clicking "Allow".

In short, it's a terrible security design filled with myriad fundamental design flaws, all codified in a patent filing for all to mock. I certainly won't lose sleep over this patent getting approved. No one should reasonably want to implement the sort of security architecture that would violate this patent.

I have prior work

[rkuris]

I am the original author of "priv", which came before sudo, and I didn't see any mention of it. This utility was published in Unix World back in 1987, and basically did the same thing. Does this mean "priv" is exempt from this patent?

Re:This is why software patents shouldn't be allow

[nitehawk214]

I couldn't bothered reading all that shit.

Oddly enough, that is exactly what the patent examiner said.

POLICY KIT!

[gbutler69]

http://hal.freedesktop.org/docs/PolicyKit/

Re:This is why software patents shouldn't be allow

[jamstar7]

Thanks for telling us that those claims are too complicated for you to read. Please make sure to put that on your resume, because if I was a potential employer looking to hire you for anything even remotely technical, I'd want to know that you give up whenever a discussion gets remotely above the complexity of "M$ sux0rz."

Since when do programmers need to be patent lawyers? Patents are written in fluent legalese, not plain $HUMANLANGUAGEOFYOURCHOICE.

Re:Stop with the alarmist headlines already

[jack2000]

Microsoft's behavior is not a shadow, rather it's darkness, a very specific kind of darkness mind you, it grows, squirms and twitches, it has physical form and it's like a cluster of tentacles as it grabs towards you..

Re:This is why software patents shouldn't be allow

[1729]

Thanks for telling us that those claims are too complicated for you to read. Please make sure to put that on your resume, because if I was a potential employer looking to hire you for anything even remotely technical, I'd want to know that you give up whenever a discussion gets remotely above the complexity of "M$ sux0rz."

That's not a technical description: it's legalese. I've done my share of technical writing, ranging from scientific journals articles to user and developer documentation, but I'd never be able to get away with producing such incomprehensible gibberish.

Re:Actually the summary is basically correct

[spitzak]

It is not uncommon to pop up the sudo dialog in response to a permission-denied error from exec(). Therefore this patent does describe already-existing art. You and a dozen other posters seem to think the error detection has to be in the same process that actually does the access violation.

Re:Liunx schminux

[spitzak]

You are thinking of just the root account, or maybe "su" which is really "login as root".

"sudo" as in "run a single command as root and furthermore examine the commands before running them and restrict them to a set, and furthermore examine the user trying to run sudo to select the restricted set" was developed after Linux was popular.

However I believe a good deal of the work was done on BSD and other Unixes as well.

I'm sorry, what?

[warrax_666]

copyright doesn't protect against duplicating functionality

You say that like it's a bad thing.

(Independent innovation can be affected by the patent system. That in itself is absurd.)

Pseudocode

[failedlogic]

I think a better solution would be for the patent to be described using pseudocode or some variation thereof. Since this is afterall a software patent, the application should be written in a form that is legible to others in the field. It would also lead to easier settlement of a dispute since previous art could more easily be compared with pseudocode.

sudo precedes Linux

[earlymon]

"sudo" as in "run a single command as root and furthermore examine the commands before running them and restrict them to a set, and furthermore examine the user trying to run sudo to select the restricted set" was developed after Linux was popular.

I seem to recall using it long before Linux appeared.

http://www.gratisoft.us/sudo/history.html

http://www.gratisoft.us/sudo/readme.html

Unless there's some nuance in your quote that I'm missing.

BTW - gratisoft.us appears to mirror sudo.ws

Dear Newbs, su came before sudo

[BitZtream]

If you're going to claims something copies 'sudo' with 'Linux' please realize that sudo copies su which was around long before Linux.

sudo has more features than su, yes. Everything that 'copies' sudo has more features as well.

Although the patent in this case does not copy sudo, or gksudo or OSX. The patent covers something that detects an authorization (NOT AUTHENTICATION) failure and gives an opportunity to elevate privileges and continue rather than denying the request.

su, sudo, gksudo and the OS X applet all require knowledge in advance that elevated privileges are required.

Do I think the difference is worth patenting? No, its the next logical step. However, if you're going to rant and rave about what Microsoft is patenting, at least realize they aren't patenting a clone of something you've been using for years.

You only make the rest of the OSS world look stupid to the powers that be when you rant and rave and you are completely ignorant of whats being done. We lose credibility and get written off as raving lunes when you respond like this. So please, shut the hell up.

Dennis Ritchie already patented this

[argent]

Dennis Ritchie patented the setuid bit in what was probably the first software patent ever, and released the patent to the public domain. I think that counts as a slam dunk prior art, no?

Just like PolicyKit

[Jeremy+Visser]

That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.

Indeed. In fact, this patent reminds me more of PolicyKit (which is GUI-based) than sudo. See screenshot, which almost exactly matches how I visualised the patent after reading the initial claims.

Re:This is why software patents shouldn't be allow

[compro01]

Law is the programming language for the system of society. The problem is, rather than doing exactly what you told it to do, regardless of whether that's what you wanted it to do, the system makes every possible effort to interpret the code in such a way so that it doesn't have to do what you instructed it to do.

Patent office needs to be revoked of sudo access

[Darkk]

The patent office needs to be revoked of sudo access.

Groklaw is wrong

The claims presented on their web page do not conflict with sudo.

sudo works in a very different way: sudo is about the user saying "i need to be a different user so I can run command Y"

This feature is about the operating system saying "user X, in order to do Y, you need more privilege."

The two concepts are quite different.

Maybe Groklaw folks should use Vista/Windows7, as well as Unix, and try to understand the difference(s) between the roles of the two.

Re:Patent office needs to be revoked of sudo acces

[FunPika]

No, we just need to disable Microsoft's access to run /usr/sbin/grantpatent as root in /etc/sudoers. ;)

Multiple issues getting mixed up here

There are multiple issues getting mixed up in the Groklaw article and the discussion on Slashdot.

A patent application has three hoops to jump through to be patentable:

35 U.S.C. 101 - the claims must be patentable subject matter. The question of "is software patentable" is what the Supreme Court is deciding in In Re Bilski. This is the largest issue most of the Slashdot community seems concerned about, and it's obviously a big issue right now. These claims, as written, may be patentable subject matter under current 101 criteria. This is why there were written with all the "computer readable media" language.

35 U.S.C. 102 - the claims must be "novel" subject matter. This is what people object to when they yell "BUT I DID THIS BACK IN 1990!"

35 U.S.C. 103 - the claims must be non-obvious subject matter. This is what most people appear to be objecting to in the present discussion....if sudo existed before this patent, then laying down Microsoft's GUI idea on top may be obvious. (This is NOT a Section 102 issue). This is the part where the patent office (and examiner) screwed up. Even if the examiner couldn't find a reference that taught exactly what Microsoft claimed, he/she should have at least rejected the now-issued claims as obvious. Maybe he did, but half-assed the rejection...who knows.

The Groklaw article points out an "obvious" patent and yells that is shouldn't be patentable subject matter. Those are two separate issues. Yes, it's probably obvious. Depending on your view of software patents, it should or should not be patentable subject matter. That fact that it's an "obvious" idea will NOT in any way be affected by the Supreme Court's decision in Bilski (that case is about patentable subject matter under Section 101).

Re:This is why software patents shouldn't be allow

As an ex-programmer/technical writer who is now a lawyer who's also worked at the USPTO as an examiner (during law school), I feel I must weigh in on the language issue. Patents and patent applications are neither technical documents nor legalese. They are a unique and bizarre hybrid of the two which, quite frankly, I think no one understands. The claims, specifically, since the specification is sometimes actually intelligible in a meaningful way. Everyone (examiners, phositas, judges, lawyers) has trouble dealing with claims and their meanings. The fact that we require pre-litigation court hearings to determine what a claim means (Markman hearings) AFTER the USPTO has already reviewed and approved the claims, which requires determining what the claim means, should be a sufficiently strong indicator that the current style of writing for patents is uncommunicative and ineffective.

To speak more directly to software patents, the USPTO doesn't recognize such a thing literally. Moreover, in general the PTO doesn't look upon the software field as a true technical/engineering discipline, and so looks down upon software/programming expertise in it's examiners. If it appears that the PTO doesn't know a thing about how software works or what is out there as prior art, it is because generally it doesn't know a thing. The field of endeavor isn't recognized or utilized, and examiners often interpret claims to avoid dealing with software (as they don't have the background knowledge to know how to begin researching the prior art).

Software may or may not be patentable ideologically, but as long as the field is given short shrift and basically sneered at by the PTO, no patent process will make sense for the majority of software/business method patents.

AC for obvious reasons.

They didn't patent sudo.

[Eric+Smith]

Not a single claim of this patent would be applicable to sudo. The independent claims 1, 2, and 9 don't apply to sudo, because they describe significant behavior that is not part of sudo. By extension, none of the dependent claims can apply to sudo either.

You can still argue over whether it meets the obviousness criterion, but trying to spin this a "Microsoft patents sudo" is deliberately spreading FUD.

Re:This is why software patents shouldn't be allow

[syousef]

Law is the programming language for the system of society.

Well it's syntax is obscure and imprecise, it's practitioners are mostly B-Ark material, and people write horrible code with it.

Re:This is why software patents shouldn't be allow

[submain]

the system makes every possible effort to interpret the code in such a way so that it doesn't have to do what you instructed it to do.

So law is interpreted. Wonder why our justice system is so slow...

Really something needs to be done about the system

[falconwolf]

You do something by barring software patents, Once that's done listen to the economists who have studied patents and encourage innovation by ending patents.

Falcon

alternatives to patents

[falconwolf]

before we scrap software patents, we need to provide developers with an alternative.

There are alternatives such as trade secrets and first mover advantage. Actually by scrapping patents you may encourage innovation, if a business wants to it's market share then it will innovate. As it is patents may discourage innovation. Tell me, why should I spend millions of dollars to invent something if I can be slapped with a lawsuit claiming infringement? Because patents are issued companies have to horde them just to use for self protection. With a thousand patents if another business comes along and threatens a patent infringement lawsuit then one of those patents may save the business because of mutually assured destruction. This forces businesses to spend more on defense than on innovation.

Falcon